package demo.security;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

import lombok.extern.slf4j.Slf4j;

@Slf4j
//@Configuration
//@EnableWebSecurity
//@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfiguration /*extends WebSecurityConfigurerAdapter */{
	
//	@Bean
//	@Override
//	public UserDetailsService userDetailsService() {
//		return new UserDetailsService() {
//			@Override
//			public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
//				String[] roles;
//				if (username.startsWith("user")) {
//					roles = new String[] { "USER" };
//				} else if (username.startsWith("admin")) {
//					roles = new String[] { "USER", "ADMIN" };
//				} else {
//					roles = new String[] { username.toUpperCase() };
//				}
//				return User.withDefaultPasswordEncoder().username(username).password(username).roles(roles).build();
//			}
//		};
//	}
//
//	@Override
//	@Bean
//	public AuthenticationManager authenticationManagerBean() throws Exception {
//		return super.authenticationManagerBean();
//	}
//	
//	@Override
//	protected void configure(HttpSecurity http) throws Exception {		
//		log.info("****Override WebSecurityConfigurerAdapter.configure(HttpSecurity) to DO NOTHING! Use ResourceServerConfigurerAdapter.configure(HttpSecurity)");
//        http.requestMatchers()
//        .antMatchers("/login", "/oauth/authorize")
//        .and()
//        .authorizeRequests()
//        .anyRequest().authenticated()
//        .and()
//        .formLogin().permitAll();
//	}
}
